In using the analyzer Hybrid-Analysis, this assumed that we have already downloaded the attachment from the suspected email. Is it still save at that point to download the file/attachment and then drop it into the sandbox? Or should the entire process be done in a virtual machine where the suspicious file is downloaded (but not executed yet) and then analyzed?
Sorry if this was asked already but I couldn’t find it on the forum.