Hi!
In such case you need to give them an already backdoored executable, something that pop-up as normal a normal update. I know that for a cpative portal this is not normal but you should make it look like it is, so creating a custom installer would be the option here. To make it more real it will have to display the companies logo and stuff like that. The executable doesn’t have to do anything at all, I mean to the the system, it will be just a dummy executable that display brands logo, some info and a loading bar but in the background it will run the malware.

Greetings!
Diego