From: CreditControl@crosswater.co.ukAttached is a malicious script ~13190.js which comes in at least two different variants (VirusTotal  ). According to automated analysis     these scripts download from:
Date: 8 February 2016 at 10:34
Subject: Accounts Documentation - Invoices
Please find attached the invoice(s) raised on your account today. If you have more than one invoice they will all be in the single attachment above.
If you have any queries please do not hesitate to contact the Credit Controller who deals with your account.
Alternatively if you do not know the name of the Credit Controller you can contact us at:
or call us on 0845 873 8840
Please do not reply to this E-mail as this is a forwarding address only.
This drops an executable with a detection rate of 3/53 which appears to phone home to:
126.96.36.199 (NoTag, Germany)
I strongly recommend that you block traffic to that IP address. The payload is likely to be the Dridex banking trojan.