This case study analyzed a stealthy host-based compromise in which the attacker exploited the trusted Windows binary mshta.exe to execute a remotely hosted, obfuscated JavaScript payload. The attacker’s strategy was notable not for brute force or privilege escalation, but for quiet persistence and clever abuse of native system behavior.