From "Donna Vipond" [firstname.lastname@example.org]Attached is a file 75805.doc which comes in two (or more) different versions (Hybrid Analysis report  ). The samples I saw downloaded a file from either:
Date Tue, 30 Jun 2015 13:13:28 +0100
Subject Payment due - 75805
Please advise when we can expect to receive payment of the attached
invoice now due? I await to hear from you.
Event Furniture Ltd T/A Event Hire
Tel: 01922 628961 x 201
This is saved as %TEMP%\silvuple.exe and it has a VirusTotal detection rate of 6/55. The various analyses including this Malwr report and this Hybrid Analysis indicate malicious traffic to 220.127.116.11 (Hetzner, Germany).
The payload is probably the Dridex banking trojan.