I think that's less likely, if MS gets a thousand identical copies of a binary, they probably aren't going to bother test-analyzing more than one. There also might be some rate-limiting on what they'll do from a particular machine.
So your attack might require first controlling a swam of Windows 10 machines, in which case you might as well do it directly :P
Who said anything about identical binaries? It's trivial to make two completely differently obfuscated binaries that do the same thing. If it were possible to determine behavior by static analysis, they wouldn't need to run it...
My first thought was this leading to DoS, even accidental ones.
If you're testing that your binary builds requests properly, maybe you've got it making them as fast as possible and you're running it without network permissions. Fine, until it suddenly runs with full network access and hammers whatever service you're pointing at.
So your attack might require first controlling a swam of Windows 10 machines, in which case you might as well do it directly :P