If you just run tor inside the VM, the above is true. If all the traffic out of the VM is routed through tor, then the IP address they will get is a tor (not clearnet) IP address. In order to get a clearnet IP address off a VM, you'll need to exploit the VM itself, a task clearly much harder than misusing javascript in a browser.