Sure i get what your saying. My only issue with this is, alot of malware or viruses will not unpack and execute if in a sandbox or vm enviroment. They can also "Breakout" of sandboxes and vm enviroments and attack other devices on the same network. They are very smart. They look for these types of systems and either unpack or not. Escape or not. Its a gamble. When i do malware testing i use a custom system that i have created to track and monitor it. When i produce malware payloads i use custom packers and embed shell code into applications and files. I wrap them in ruby and python because av and anti-malware cannot read these languages in most cases.
I'm not saying anyone is right or wrong. Im not saying anyone sent anyone any infected files. I'm just sharing my exp here and giving some resources that might give light or help. But i know for sure. I would NOT execute anything in a sandbox on my network, unless the whole system was isolated onto another subnet, with very strong ingress and egress rules. Again. Just my two cents.
If your inteterested.. read this...
http://digitalizedwarfare.com/2016/03/24/sandbox-stories-flight-of-the-great-cuckoo-bird/
http://digitalizedwarfare.com/category/shellcode/