You might not be able to track down how someone got in to place that file, but there are a lot of good recommendations in this article to keep your site secure going forward, even if you have already cleaned what you have found:
My site was hacked. How do I use Wordfence to clean it?
If you know the date/time that was on the file, your host may be able to help you go through your web server and FTP logs, to see if there is anything relevant around the same time, but sometimes the file dates are faked, which makes it difficult. On shared hosting, sometimes other customers on the same host can get through as well, if the host is not set up correctly.
Thank you for the 5 stars!