From wikpedia for people not familiar with sandbox:
Sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users.
The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.
How does it work ?
Well it's pretty easy. First of all take a look into /usr/share/snadbox/ for a complete list of configuration commands. After that try to build your own configuration file, here a very simple "Deny All network Connections"
Here the screenshot of a ping used without sandbox-exec and within sandbox-exec (click on the picture to enlarge) :
I totally suggest this approach to test unknown files or suspected files, even if made from your hand.