To answer my own question, and maybe to draw the attention of others who might have better ideas, here is what I've come up with.
I created a script in my target host's home directory containing this:
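if [ -t 0 ] ; then # interactive
    if [ -r "$0.fifo" ] ; then rm "$0.fifo" ; fi
    mkfifo -m 600 "$0.fifo"
    echo -n "Password for upcoming winscp session: "
    read -r -s p               # -s (bash): do not echo the typed password
    echo
    echo -n "Waiting for connection..."
    echo "$p" > "$0.fifo"      # blocks until the non-interactive side opens the fifo
    echo " Connected"
    rm -f "$0.fifo"            # removed by the writer...
elif [ -r "$0.fifo" ] ; then # non interactive - fifo exists
    cat "$0.fifo"              # hand the password to sudo on stdout
    rm -f "$0.fifo"            # ...and by the reader, whichever comes first
fi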
In my winscp settings for the host I now have this configured as the shell:
SUDO_ASKPASS=mypass sudo -A su - TARGETUSER
Before I invoke the winscp session I log in to the target host starting "mypass", which will then ask me for the password and put it into a fifo. As soon as the fifo has been read, I get the message "Connected" and the fifo gets removed.
But while the script is waiting for the connection, after I entered my password, I start winscp and connect to my host. The sudo command of my shell-commands starts "mypass" and notices that it's non-interactive and that a password is waiting in the fifo. It reads the password, echoes it to stdout (for sudo to read) and deletes the fifo. I delete the fifo twice just to be sure that it's removed, either by the writer or by the reader.
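A hardened variant of the same fifo hand-off, added here as an example and not part of the original answer: the askpass side refuses anything that is not a FIFO owned by the caller with mode 0600, and the password is written with `printf` so whitespace and glob characters survive. The function names, the `pw.fifo` file name and the private directory are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (constructed); function names and pw.fifo are hypothetical.

# fifo_is_private PATH: true only for a FIFO (not a symlink) that we own, mode 0600.
fifo_is_private() {
    [ -O "$1" ] || return 1                 # must be owned by our effective uid
    case "$(ls -ld -- "$1")" in
        prw-------*) return 0 ;;            # 'p' = FIFO, no group/other bits
        *) return 1 ;;                      # symlink, regular file or loose mode
    esac
}

# make_private_fifo DIR: create DIR (0700) and a fresh 0600 FIFO in it; print its path.
make_private_fifo() {
    ( umask 077
      mkdir -p -- "$1" && chmod 700 -- "$1" || exit 1
      rm -f -- "$1/pw.fifo"
      mkfifo -m 600 -- "$1/pw.fifo" ) || return 1
    printf '%s\n' "$1/pw.fifo"
}

# offer_secret FIFO SECRET: interactive side; blocks until a reader opens the FIFO.
offer_secret() {
    printf '%s\n' "$2" > "$1"               # printf keeps spaces, '*' and leading '-'
    rm -f -- "$1"
}

# take_secret FIFO: askpass side; prints the secret once, then removes the FIFO.
take_secret() {
    fifo_is_private "$1" || return 1        # never read from an unexpected object
    cat -- "$1"
    rm -f -- "$1"
}

# Demo with a constructed secret in a throwaway directory.
demo_dir=$(mktemp -d)
demo_fifo=$(make_private_fifo "$demo_dir/askpass")
offer_secret "$demo_fifo" 'constructed  pass*word' &
printf 'askpass side received: %s\n' "$(take_secret "$demo_fifo")"
wait
rm -rf -- "$demo_dir"
```

Keeping the FIFO in a 0700 directory also closes the window between `rm` and `mkfifo` in which another local user could plant a file at a predictable path.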