This one was actually much harder to discern that it was a hack attempt until I looked at the payload in an editor.
Never EVER under any circumstances read HTML mail from a source you don’t trust … and I am getting ready to say, from anyone.
Here is a portion of the payload:
Email content should NEVER EVER EVER have executable payloads. Get yourself a dropbox for that. They should NEVER EVER EVER include an HTML doc as an attachment.
Won’t even try this one in a VM. Anyone who wants to see the payload, drop me a note. In plain text.