I would not use Sandboxie for malware analysis because this is far too dangerous for your host system.
It is just a container with a few more restrictions that runs in your OS. It is more lightweight, but also less secure than a VM.
An actual Virtual Machine is safer. There is always the possibility that malware can escape, but it rarely happens for VMs. Most malware with VM detection capabilities refuses to work on VMs (to avoid analysis) instead of becoming more violent.
Exploits for sandboxes on the other hand are more common. It is possible to break out of Sandboxie and to execute any code on the main system. The vulnerability to those kinds of exploits is part of the design of a sandbox, thus, it cannot be fixed.
There are several papers about this topic. E.g.:
Some quotes from the first paper:
“We tested an exploit for CVE-2012-0217 in the Sandboxie confinement on an x86_64 platform running the default Windows 7 SP1 kernel. Our exploit worked flawlessly, and allowed us to run arbitrary code in kernel mode.”
“The default installation of Sandboxie did not prevent any keylogging whatsoever. The attacker had full access to the key logging activity of the entire machine.”
“Sandboxie was not able to prevent stealing from the clipboard and the attacker had full access to the victim's host clipboard.”
“Sandboxie allows access to the network shares from within the sandbox.”
“Our testing proves that due to the large exposure to the OS, a lot of sandboxes aren’t able to completely protect against undesired access. This is indeed a concern since these sandboxes are designed to expect execution of ‘untrusted’ code.
Type A sandboxes [includes Sandboxie] by design, are vulnerable to a relatively large attack surface.”