This scenario is a classic example of DLL hijacking (also called DLL search order hijacking). On Windows, when an application attempts to load a required DLL without using a fully qualified path, the operating system searches for that DLL in a defined search order (including, in many cases, the application directory and other locations that may be writable by a low-privileged user). If an attacker can place a malicious DLL with the same name as the expected library into a directory that is searched before the legitimate DLL’s location, Windows will load the attacker’s DLL first. When the trusted application starts, the malicious DLL is loaded into the process, causing the attacker’s code to execute in the context and privileges of that application.
The question’s clues align tightly with DLL hijacking:
A “non-privileged process loaded a malicious library instead of the intended library” indicates a library preloading/search-order issue rather than exploiting a kernel bug.
The attacker “placed the rogue file in a directory Windows searched before the legitimate location,” which directly describes search order manipulation.
“When the trusted application started, the attacker’s code executed with the application’s privileges” reflects how DLL hijacking can lead to privilege escalation when the target process runs with higher privileges (e.g., as admin or SYSTEM).
“No registry changes … were involved” helps rule out techniques like certain COM hijacks or registry-based persistence and also points away from UAC bypass methods that often rely on registry keys or auto-elevated behaviors.
Why the other options don’t fit:
Exploiting vulnerabilities (A) is too generic and would typically reference a software flaw (buffer overflow, kernel exploit, etc.).
Access token manipulation (C) involves stealing/impersonating tokens, not DLL search order behavior.
Bypassing UAC (D) targets elevation prompts and auto-elevation mechanisms, not DLL loading precedence.
Therefore, the technique is B. Privilege Escalation Using DLL Hijacking.
