Can CIS Virtual desktop be used as malware observation \ monitoring tool?

If for example I have a piece a malware, and I want to see what it does, without putting my system at risk, can I use virtual desktop?

If so, how would I know what is malware doing (or is it just crashed)? Since they usually try to hide themselves.

To see what it does you could enable the HIPS and exclude from sandboxing and run it. You should get HIPS alerts. You do this at your own risk! I have done it successfully for simple malwares but as stated no guarantees.