The sandbox environment is connected to its own network and often to its production facilities. The sandbox is designed to execute and evaluate dangerous code. This code can sometimes be a zero-day exploit where the effect and payload of the malware are unclear.