Here is a quick run down of what I have setup for any malware analysis vms. I utilize 2 primary vms running in VirtualBox. Before FireEye Flare I was just running a normal Windows 7 image with my necessary tools. After Flare was released, this is now my primary Windows vm. I also run Remnux along side Flare. While you can do a good portion of your work from a single vm, I opt in to using Remnux for any python tools being utilized for RE. Just me but I find this easier.
Reminder once you have everything the way you like it, export the appliance to keep a backup and also create a snapshot to revert after any analysis on that vm.