From: email@example.comPossibly due to an error in setting up the spam run, there is an attachment named 05-07-2016_rndnum(4,9)}}.docm which contains a malicious macro. We haven't seen much in the way of Word-based malware recently. The two samples I received have VirusTotal detection rates of 5/52 and 6/52. The Malwr analysis for those samples   shows the macro downloading a binary from:
Date: 5 July 2016 at 12:47
Subject: Scanned image
Image data has been attached to this email.
There will be a lot more locations too. This drops a binary with a detection rate of 5/55 which appears to be Locky ransomware. Hybrid Analysis shows it phoning home to:
126.96.36.199 (Host Sailor, Romania / UAE)
188.8.131.52 (Host Sailor, Romania / UAE)
184.108.40.206 (MWTV, Latvia)
Host Sailor is a notoriously Black Hat web host, MWTV has is problems too. The payload appears to be be Locky ransomware.