Successful login from anonymous account

Occasional Contributor

I have a small honeypot environment and been working on making new queries for threat hunting. During this process I came across a login successful for the anonymous account. What has baffled me a bit is that it came from a remote address, but wasn't an elevated entry. 

 

Does anyone have some tips and tricks to deep dive into this a little better or is this something you would typically ignore? 

 

TimeGenerated [UTC]2020-08-24T05:22:23.433Z
SourceSystemOpsManager
AccountNT AUTHORITY\ANONYMOUS LOGON
AccountTypeUser
ComputerServer
EventSourceNameMicrosoft-Windows-Security-Auditing
ChannelSecurity
Task12544
Level8
EventID4624
Activity4624 - An account was successfully logged on.
AuthenticationPackageNameNTLM
ElevatedToken%%1843
ImpersonationLevel%%1833
IpAddress223.31.97.130
IpPort43515
KeyLength0
LmPackageNameNTLM V1
LogonGuid00000000-0000-0000-0000-000000000000
LogonProcessNameNtLmSsp
LogonType3
LogonTypeName3 - Network
Process-
ProcessId0x0
ProcessName-
RestrictedAdminMode-
SubjectAccount-\-
SubjectDomainName-
SubjectLogonId0x0
SubjectUserName-
SubjectUserSidS-1-0-0
TargetAccountNT AUTHORITY\ANONYMOUS LOGON
TargetDomainNameNT AUTHORITY
TargetLinkedLogonId0x0
TargetLogonId0x1130dcf
TargetOutboundDomainName-
TargetOutboundUserName-
TargetUserNameANONYMOUS LOGON
0 Replies