ZENODO
Thesis . 2024
License: CC BY
Data sources: Datacite

Extracting Equivocal Behaviours from Trusted Systems

Authors: Mignone, Renato;

Abstract

This thesis investigates equivocal software behaviours (ESBs): actions performed by trusted software that are not explicitly communicated to the user and may raise concerns about privacy, integrity, or data confidentiality. The work contributes to the broader discussion on software transparency, SBOM adoption, and supply chain security.

Context and motivation

Software supply chain attacks grew from 1% of total attacks in 2020 to 17% in 2021 (ENISA, 2023). Notable incidents such as the SolarWinds Orion compromise, the Colonial Pipeline ransomware attack, and the Log4j vulnerability demonstrated that trusted software components can silently act as attack vectors. This thesis addresses the need for software transparency by identifying and classifying behaviours that trusted software performs without user disclosure.

Methodology

Using the MITRE ATT&CK Enterprise Matrix (v4.0) as a reference framework, 60 techniques were reviewed through a peer-review and card-sorting process, resulting in the definition of 12 Equivocal Software Behaviours (ESBs):

ESB1 - System Analysis and Resource Discovery
ESB2 - Network Enumeration and Analysis
ESB3 - Network Traffic Manipulation and Covert Communications
ESB4 - Scripting and Code Execution
ESB5 - Task Scheduling and System Automation
ESB6 - Advanced OS Utility Exploitation and Interaction
ESB7 - Privilege Manipulation
ESB8 - Software Extension and Interaction
ESB9 - Control Evasion and Analysis Avoidance
ESB10 - Logging Evasion and Indirect Software Execution
ESB11 - Encryption Manipulation
ESB12 - Media Capture

A custom asynchronous multithreaded Python tool was developed to automate the submission and parallel analysis of 36 goodware binaries across three sandbox platforms via their REST APIs:

• Hybrid Analysis (Falcon Sandbox): static and dynamic analysis on Windows 10 and Windows 11
• VirusTotal: distributed sandbox network including CAPA, CAPE, and ZENBOX
• ANY.RUN: interactive real-time analysis with forensic data collection

Dataset

36 goodware binaries classified using the SourceForge taxonomy, covering system software (20%), productivity (15%), multimedia (15%), internet (13%), communications (11%), and other categories.

Key findings

• ESB1 (System Analysis and Resource Discovery) and ESB6 (Advanced OS Utility Exploitation) were detected in 100% of the analysed systems, including widely used browsers and streaming platforms.
• ESB3 (Network Traffic Manipulation) and ESB11 (Encryption Manipulation) were not detected in any of the analysed systems.
• Hybrid Analysis proved to be the most comprehensive platform, consistently returning the most complete behavioural reports.
• Trusted software routinely exhibits behaviours typical of malware reconnaissance, without any user disclosure.

Conclusions

In the absence of transparent declarations from vendors, such as a Software Bill of Materials (SBOM), undocumented actions in trusted software constitute a concrete privacy risk and a silent attack vector for advanced adversaries.

Keywords

behavioral analysis, supply chain security, MITRE ATT&CK, goodware, Hybrid Analysis, cybersecurity, VirusTotal, Malware Analysis, ANY.RUN, software transparency, SBOM, sandbox analysis, Python
