From: firstname.lastname@example.orgAttached is a file =SCAN7318_000.DOC which seems to come in several different varieties (sample VirusTotal results   ). The Malwr reports    indicate the the macro in the document downloads a malicious executable from:
Date: 11 February 2016 at 10:24
Subject: Scan from KM1650
Please find attached your recent scan
The dropped executable has a detection rate of 2/54. As with this earlier spam run it phones home to:
18.104.22.168 (ZNET Telekom Zrt, Hungary)
Block traffic to that IP. The payload is the Dridex banking trojan.