As the others have pointed out, it could be well be malware from a trojanised software you've recently installed, or picked up by a 'drive-by download' from a dodgy/hacked website you've visted.
Spamming all your contacts with a link to somewhere either earns cash through a lowlife advertising 'cash-for-clicks' scheme, and/or helps propagate the malware because going to the website on that link will cause them to get infected by a drive-by too.
You were correct to change your password. If you use that password for any other main accounts (naughty naughty) change it for those as well- as the first thing they do when they get new account details, is test it against all the other web services- as most people don't use different passwords.
Over the past year there have been 100s of millions (if not billions) of email/account details stolen from some very big companies, and so it's probable your account was just hijacked to send the spam.
Do a scan with Malwarebytes, and a decent up-to-date antivirus (like the excellent, free Avast program) just to be sure anyway- most Windows PCs have some kind of spyware/malware on them anyway lol so you might as well clean it up.
If you still have a copy of the spam that was sent out, pm it me, and I'll check if it looks like any recent spam campaigns, or if the website linked to in it is known to be slinging malware/a scam site.
Here are a few sites for you to check if the email you used for an account name on a hacked site has appeared in any of the big data breaches on record:
https://haveibeenpwned.com/
https://breachalarm.com/
https://pwnedlist.com/query
If your email account does show up and you use the same/similar passwords for your actual email account,
then change your password now if it hasn't been already.
The best way to be safe is to set up a 'junk' email account with which to register at web web services but nothing else, and
do not use the same passwords for multiple sites.
