From: Currys PC World [firstname.lastname@example.org]There are a few different versions of the attachment with fairly low detection rates   and analysis of those two examples shows that the macro downloads from the following locations:
Date: 17 December 2015 at 08:27
Subject: Your eReceipt
Thank you. Thank you for your purchase from Currys PC World.
Your e-receipt is attached for your records.
We understand that sometimes products need to be returned. You can either return it to your nearest store or call 0344 561 1234 from the UK or 1890 400 001 from the Republic of Ireland to speak to our customer services team to discuss a refund or exchange. Please have your e-receipt number to hand to speed up the process.
Some email mobile apps don't always show attachments. If you can't see the attachment, simply forward this email to another email address to view and save.
Thank you once again from everyone at Currys PC World.
Terms and conditions
You are receiving this service email because you made a purchase from us and requested an electronic copy of your receipt. Please do not reply to this email. If you need to contact us you can do so at: email@example.com
Currys is a trading name of DSG Retail Limited, Maylands Avenue, Hemel Hempstead, Hertfordshire HP2 7TG, registered in England No. 504877, VAT No. 226659933. © DSG Retail Ireland Ltd, Unit 9A, The Park, Carrickmines, Dublin 18, Ireland Incorporated in Ireland, a private company with issued shares. Registration Number 259460.
The payload here is the Dridex banking trojan and is identical to the one found here and here.