Pure Crypter Malware Outsmarts Windows 11 24H2 Defenses
A sophisticated malware crypter known as Pure Crypter has been observed bypassing new security features introduced in Windows 11 version 24H2, according to researchers at eSentire. Designed as a modular malware delivery platform, Pure Crypter combines several evasion techniques, including AMSI bypass, DLL unhooking, and execution delays, to avoid detection by modern security tools.
The malware’s developers have added enhancements targeting the NtManageHotPatch API to circumvent process injection restrictions in Windows 11 build 26100. After determining the OS version through registry queries, Pure Crypter runs memory patching routines that allow its RunPE (process hollowing) technique to function on the new build.
The tool’s flexibility allows threat actors to deliver a range of payloads, including ransomware and information stealers, while maintaining persistence. First identified during threat hunting operations, Pure Crypter continues to evolve in response to OS-level defenses, reflecting the growing sophistication of malware targeting Microsoft’s latest operating system protections.
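The stage sequence the article describes (OS build check, hotpatch-related memory tampering, then process hollowing) is the kind of ordered chain a defender can correlate per process. The following is an added illustration, not code from eSentire or the article: it runs a small stage machine over a constructed API-trace log (the line format and the sample events are assumptions for the example) and flags any process that hits every stage in order against a child it created suspended.

```python
import re
from collections import defaultdict

# Constructed sample trace (not real telemetry), modelled on the article's sequence:
# build check -> NtManageHotPatch tampering -> suspended child -> remote write -> resume.
SAMPLE_TRACE = """\
ts=1 pid=4412 api=RegQueryValueExW value=CurrentBuildNumber
ts=2 pid=7001 api=RegQueryValueExW value=CurrentBuildNumber
ts=3 pid=4412 api=NtManageHotPatch
ts=4 pid=4412 api=CreateProcessW flags=CREATE_SUSPENDED child=5120
ts=5 pid=4412 api=NtUnmapViewOfSection target=5120
ts=6 pid=4412 api=WriteProcessMemory target=5120
ts=7 pid=7001 api=CreateProcessW flags=0 child=7002
ts=8 pid=4412 api=NtResumeThread target=5120
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
# Stages must appear in this order for one pid to be flagged.
STAGES = ("build_query", "hotpatch", "suspended_child", "remote_write", "resume")

def classify(ev):
    """Map one parsed event to a stage name, or None if it is not of interest."""
    api = ev.get("api", "")
    if api.startswith("RegQueryValue") and ev.get("value", "").startswith("CurrentBuild"):
        return "build_query"
    if api == "NtManageHotPatch":
        return "hotpatch"
    if api.startswith("CreateProcess") and "CREATE_SUSPENDED" in ev.get("flags", ""):
        return "suspended_child"
    if api in ("WriteProcessMemory", "NtWriteVirtualMemory", "NtUnmapViewOfSection"):
        return "remote_write"
    if api in ("NtResumeThread", "ResumeThread"):
        return "resume"
    return None

def find_runpe_sequences(trace):
    """Return the pids whose events complete every stage in STAGES, in order."""
    progress = defaultdict(int)   # pid -> index of the next expected stage
    children = {}                 # pid -> child pid it created suspended
    hits = []
    for line in trace.splitlines():
        ev = dict(KV_RE.findall(line))
        pid, stage = ev.get("pid"), classify(ev)
        if pid is None or stage is None or stage != STAGES[progress[pid]]:
            continue
        if stage == "suspended_child":
            children[pid] = ev.get("child")
        # Later stages only count when aimed at the suspended child, not some other process.
        elif stage in ("remote_write", "resume") and ev.get("target") != children.get(pid):
            continue
        progress[pid] += 1
        if progress[pid] == len(STAGES):
            hits.append(pid)
    return hits
```

Process 7001 queries the build number too, so a single-event rule on the registry read would be noisy; requiring the full ordered chain keeps the detection on the hollowing behaviour itself.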
