Thanks for the question. You are able to setup a sandbox environment on an Azure Virtual Machine whereas you are responsible for the infrastructure. I would caution you against deploying Malware on a SaaS or PaaS offering (like a Web App) as the platform handles the security so deploying anything with malware would be quickly removed or resolved.
A benefit of using Azure VMs as your sandbox would be that if you need to delete the VM or the environment you can easily do that and deploy a fresh one. The ability to isolate VMs from one another or allow them to communicate would also be good for testing how things spread but with the ability to limit traffic to a single Vnet you could actually contain any tests.
For more on this idea please see this thread here.
----------
Please don’t forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.