The xls attachment of the mail, also arrived in Italy, randomly contacts a link from an internal list and downloads the dll, starting the malware infection.
The email xz attachment contains an exe, the malware itself. This is an info stealer, which targets passwords, credit cards and cryptocurrency wallets.
The attack is part of the TA551 (Shathak) campaign. The xlsm file in the email zip attachment contacts internal URLs to download the dll, starting malware infection.